CVE-2015-9251


jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.


Published: 2018-01-18T23:29:00.307
Last Modified: 2024-11-21T02:40:09.093
Status: Modified
Source: [email protected]
Severity: CVSSv3.0: 6.1 (MEDIUM)
CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

Exploitability Score: 8.6
Impact Score: 2.9

Weaknesses
  • Type: Primary
    CWE-79

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application jquery jquery < 3.0.0 Yes
Application oracle agile_product_lifecycle_management_for_process 6.2.0.0 Yes
Application oracle agile_product_lifecycle_management_for_process 6.2.1.0 Yes
Application oracle agile_product_lifecycle_management_for_process 6.2.2.0 Yes
Application oracle agile_product_lifecycle_management_for_process 6.2.3.0 Yes
Application oracle agile_product_lifecycle_management_for_process 6.2.3.1 Yes
Application oracle banking_platform 2.6.0 Yes
Application oracle banking_platform 2.6.1 Yes
Application oracle banking_platform 2.6.2 Yes
Application oracle business_process_management_suite 11.1.1.9.0 Yes
Application oracle business_process_management_suite 12.1.3.0.0 Yes
Application oracle business_process_management_suite 12.2.1.3.0 Yes
Application oracle communications_converged_application_server < 7.0.0.1 Yes
Application oracle communications_interactive_session_recorder 6.0 Yes
Application oracle communications_interactive_session_recorder 6.1 Yes
Application oracle communications_interactive_session_recorder 6.2 Yes
Application oracle communications_services_gatekeeper < 6.1.0.4.0 Yes
Application oracle communications_webrtc_session_controller < 7.2 Yes
Application oracle endeca_information_discovery_studio 3.1.0 Yes
Application oracle endeca_information_discovery_studio 3.2.0 Yes
Application oracle enterprise_manager_ops_center 12.2.2 Yes
Application oracle enterprise_manager_ops_center 12.3.3 Yes
Application oracle enterprise_operations_monitor 3.4 Yes
Application oracle enterprise_operations_monitor 4.0 Yes
Application oracle financial_services_analytical_applications_infrastructure ≤ 7.3.5 Yes
Application oracle financial_services_analytical_applications_infrastructure ≤ 8.0.7 Yes
Application oracle financial_services_asset_liability_management ≤ 8.0.7 Yes
Application oracle financial_services_data_integration_hub ≤ 8.0.7 Yes
Application oracle financial_services_funds_transfer_pricing ≤ 8.0.7 Yes
Application oracle financial_services_hedge_management_and_ifrs_valuations ≤ 8.0.7 Yes
Application oracle financial_services_liquidity_risk_management ≤ 8.0.6 Yes
Application oracle financial_services_loan_loss_forecasting_and_provisioning ≤ 8.0.7 Yes
Application oracle financial_services_market_risk_measurement_and_management 8.0.5 Yes
Application oracle financial_services_market_risk_measurement_and_management 8.0.6 Yes
Application oracle financial_services_profitability_management ≤ 8.0.6 Yes
Application oracle financial_services_reconciliation_framework 8.0.5 Yes
Application oracle financial_services_reconciliation_framework 8.0.6 Yes
Application oracle fusion_middleware_mapviewer 12.2.1.3.0 Yes
Application oracle healthcare_foundation 7.1 Yes
Application oracle healthcare_foundation 7.2 Yes
Application oracle healthcare_translational_research 3.1.0 Yes
Application oracle hospitality_cruise_fleet_management 9.0.11 Yes
Application oracle hospitality_guest_access 4.2.0 Yes
Application oracle hospitality_guest_access 4.2.1 Yes
Application oracle hospitality_materials_control 18.1 Yes
Application oracle hospitality_reporting_and_analytics 9.1.0 Yes
Application oracle insurance_insbridge_rating_and_underwriting 5.2 Yes
Application oracle insurance_insbridge_rating_and_underwriting 5.4 Yes
Application oracle insurance_insbridge_rating_and_underwriting 5.5 Yes
Application oracle jd_edwards_enterpriseone_tools 9.2 Yes
Application oracle jdeveloper 11.1.1.9.0 Yes
Application oracle jdeveloper 12.1.3.0.0 Yes
Application oracle jdeveloper 12.2.1.3.0 Yes
Application oracle oss_support_tools 19.1 Yes
Application oracle peoplesoft_enterprise_peopletools 8.55 Yes
Application oracle peoplesoft_enterprise_peopletools 8.56 Yes
Application oracle peoplesoft_enterprise_peopletools 8.57 Yes
Application oracle primavera_gateway 15.2 Yes
Application oracle primavera_gateway 16.2 Yes
Application oracle primavera_gateway 17.12 Yes
Application oracle primavera_unifier ≤ 17.12 Yes
Application oracle primavera_unifier 16.1 Yes
Application oracle primavera_unifier 16.2 Yes
Application oracle primavera_unifier 18.8 Yes
Application oracle real-time_scheduler 2.3.0 Yes
Application oracle retail_allocation 15.0.2 Yes
Application oracle retail_customer_insights 15.0 Yes
Application oracle retail_customer_insights 16.0 Yes
Application oracle retail_invoice_matching 15.0 Yes
Application oracle retail_sales_audit 15.0 Yes
Application oracle retail_workforce_management_software 1.60.9 Yes
Application oracle retail_workforce_management_software 1.64.0 Yes
Application oracle service_bus 12.1.3.0.0 Yes
Application oracle service_bus 12.2.1.3.0 Yes
Application oracle siebel_ui_framework 18.10 Yes
Application oracle siebel_ui_framework 18.11 Yes
Application oracle utilities_framework ≤ 4.3.0.4 Yes
Application oracle utilities_mobile_workforce_management 2.3.0 Yes
Application oracle webcenter_sites 11.1.1.8.0 Yes
Application oracle weblogic_server 12.1.3.0 Yes
Application oracle weblogic_server 12.2.1.3 Yes
